NASA appoints deputy CIO for information security

US civil servant gets security job at aerospace agency

NASA this week appointed Valarie Burks as its deputy CIO for Information Technology Security.

Burks replaces Jerry Davis, who left NASA last July to take over as the security chief at the Department of Veterans Affairs. NASA describes Burks as experienced in IT infrastructure development and management.

Burks was previously the associate CIO for cyber and privacy policy and oversight at the US Department of Agriculture and was responsible for managing the department's governance, risk, crisis management and compliance functions. Burks is credited with developing and implementing a centre of excellence for information security at the USDA.

Burks previously handled IT management functions at the White House Office of Management and Budget, Department of Commerce and the Government Accountability Office.

Burks' appointment to her new role is likely to be closely watched by security analysts.

Davis is credited with creating at NASA an operations-oriented information security, rather than one that focuses purely on maintaining compliance with the Federal Information Security Act (FISMA) standard.

Alan Paller, director of research at the SANS Institute, an organisation that provides security training and certification services for many government organizations, said that NASA CIO Linda Cureton's is looking to Burks to continue that strategy.

"Cureton is just the second (federal CIO) to move an operations person who is also a good leader, into the top role," in information security, Paller said. The only other federal CIO to adopt such an approach is Roger Baker at the VA, he added.

"[Some] federal CIOs have awakened to the fact that their CISOs are compliance rather than operations people," Paller said. "They were getting reports instead of secure systems."

Some federal CISOs have proved somewhat inept at managing and improving security because of their focus on compliance management, he said. "All they [can] do is wave FISMA around and say 'you have to do this or that,'" Paller said.